module UCB::LDAP

UCB::LDAP

If you are doing searches that don't require a privileged bind and are accessing the default (production) server, you probably don't need to call any of the methods in this module.

Methods in this module are about making connections to the LDAP directory.

Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.

Constants

HOST_PRODUCTION

Public Class Methods

authenticate(username, password)

Sets (new) bind credentials for LDAP. A bind is attempted immediately, and BindFailedException is raised if the bind fails.

Call clear_authentication() to remove privileged bind.

# File lib/ucb_ldap.rb, line 91
def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap() # to force bind()
end

authentication_information()

The value of the :auth parameter for Net::LDAP.new.

# File lib/ucb_ldap.rb, line 175
def authentication_information
  password.nil? ?
      { :method => :anonymous } :
      { :method => :simple, :username => username, :password => password }
end

bind(bind_file, environment)
# File lib/ucb_ldap.rb, line 148
def bind(bind_file, environment)
  # Fail early if the bind file is missing
  raise "Can't find bind file: #{bind_file}" unless File.exist?(bind_file)
  binds = YAML.load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end
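
A hardened variant of the bind-file handling in bind(), as an added example that is not part of UCB::LDAP: load_bind_credentials and BindFileError are hypothetical names, and the 0600 mode requirement is an assumption about how the bind file is deployed. It parses with YAML.safe_load and rejects a missing password, which authentication_information() would otherwise turn into an anonymous bind.

```ruby
require 'yaml'

# Hypothetical helper (not part of UCB::LDAP): read the bind credentials for
# one environment from a YAML bind file, refusing unsafe files and content.
class BindFileError < StandardError; end

def load_bind_credentials(bind_file, environment)
  raise BindFileError, "Can't find bind file: #{bind_file}" unless File.file?(bind_file)

  # The file holds a directory password: reject it if group or other
  # users have any access (assumed deployment policy: mode 0600).
  mode = File.stat(bind_file).mode & 0o777
  unless (mode & 0o077).zero?
    raise BindFileError, format('bind file mode %04o is too permissive, expected 0600', mode)
  end

  # safe_load builds only plain scalars, arrays and hashes, so a tampered
  # file cannot make the parser instantiate arbitrary Ruby classes.
  begin
    binds = YAML.safe_load(File.read(bind_file))
  rescue Psych::Exception => e
    raise BindFileError, "bind file is not plain YAML: #{e.class}"
  end
  raise BindFileError, 'bind file must map environments to credentials' unless binds.is_a?(Hash)

  bind = binds[environment]
  raise BindFileError, "Can't find environment=#{environment} in bind file" unless bind.is_a?(Hash)

  username, password = bind.values_at('username', 'password')
  # A nil password makes authentication_information() choose :anonymous, and
  # an empty one is an unauthenticated simple bind, so both are refused here.
  unless username.is_a?(String) && password.is_a?(String) && !password.empty?
    raise BindFileError, "environment=#{environment} needs a username and a non-empty password"
  end
  [username, password]
end
```

The returned pair can be passed straight to authenticate(username, password).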

clear_authentication()

Removes current bind (username, password).

# File lib/ucb_ldap.rb, line 99
def clear_authentication
  authenticate(nil, nil)
end

clear_instance_variables()

Used for testing.

# File lib/ucb_ldap.rb, line 215
def clear_instance_variables
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

host()

Returns LDAP host used for lookups. Default is HOST_PRODUCTION.

# File lib/ucb_ldap.rb, line 106
def host
  @host || HOST_PRODUCTION
end

host=(host)

Setter for host.

Note: validation of host is deferred until a search is performed or authenticate() is called, at which time a bad host will raise ConnectionFailedException.

# File lib/ucb_ldap.rb, line 119
def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

initialize(username, password, host=HOST_PRODUCTION)

Sets the config values we want to use, but doesn't actually connect to the server.

# File lib/ucb_ldap.rb, line 79
def initialize(username, password, host=HOST_PRODUCTION)
  @username = username
  @password = password
  @host = host
end

ldap_ping()

Returns true if a simple search over the connection works.

# File lib/ucb_ldap.rb, line 184
def ldap_ping
  search_attrs = {
      :base => "",
      :scope => Net::LDAP::SearchScope_BaseObject,
      :attributes => ["1.1"]  # OID "1.1" asks the server to return no attributes
  }
  result = false
  @net_ldap.search(search_attrs) { result = true }
  result
end

local_date_parse(arg)

Returns arg as a Ruby Date in local time zone. Returns nil if arg is nil.

# File lib/ucb_ldap.rb, line 158
def local_date_parse(arg)
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

local_datetime_parse(arg)

Returns arg as a Ruby DateTime in local time zone. Returns nil if arg is nil.

# File lib/ucb_ldap.rb, line 165
def local_datetime_parse(arg)
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

net_ldap()

Returns Net::LDAP instance that is used by UCB::LDAP::Entry and subclasses for directory searches.

You might need this to perform searches not supported by sub-classes of Entry.

Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).

# File lib/ucb_ldap.rb, line 136
def net_ldap
  @net_ldap ||= new_net_ldap
end

new_net_ldap()

Returns new Net::LDAP instance.

# File lib/ucb_ldap.rb, line 198
def new_net_ldap
  params = {
      :host => host,
      :auth => authentication_information,
      :port => 636,
      :encryption => { :method => :simple_tls }
  }
  @net_ldap = Net::LDAP.new(params)
  @net_ldap.bind || raise(BindFailedException)
  @net_ldap
rescue Net::LDAP::Error => e
  raise(BindFailedException)
end

with_credentials(username_to_use, password_to_use) { || ... }

Execute UCB::LDAP commands with a different username and password. Original credentials are restored.

# File lib/ucb_ldap.rb, line 64
def with_credentials(username_to_use, password_to_use)
  original_username = username
  original_password = password

  UCB::LDAP.authenticate(username_to_use, password_to_use)

  yield
ensure
  UCB::LDAP.authenticate(original_username, original_password)
end